Do you remember your first phishing email?

(Warren White M.S. Cybersecurity) #1

The first time I was acquainted and learned about phishing was when I received an email saying that I have thousands of dollars that were waiting for me. All I had to do was get it from a bank in Africa. Nothing suspicious there. As a young adult, I inquired to see if it was authentic because I believe anything can happen. They replied back saying it is true and they just need me to put an initial few hundred dollars for shipping and misc fees to receive the big payout. Needless to say, I gave them hundreds of my own money. Just kidding, but if I did that would have been devastating. I can only imagine how people feel if they fall for such a trick. I know there are people who are more susceptible to phishing and I witnessed someone who had an online “relationship” with someone that just needed money for her wedding dress and a plane ticket so they can get married. He paid and regretted it, even after everyone said it was a scam. Many sad stories out there. Do you remember your first phish?

(Matt Parkes) #2

Thankfully now they don’t have to take your word for it, just switch on TV and watch Catfish the TV Show lol. My first phishing experience was many many years ago when I used to sell a few things on Ebay. First I received an alert from Ebay saying someone had won the bid for the item and to expect communication from them shortly. Then I had a direct email from the buyer with a screenshot of PayPal showing them they had made the payment and to hurry with shipping. This thankfully never worked because 1. In my settings I had asked not to sell internationally and to not accept any bids from buyers with less than a 3 star rating of which this person did not match this criteria so the first flaw is in Ebay’s selling mechanisms - they obviously didn’t work and 2. I always log in directly to my PayPal account to check things and there was nothing there so straight away I knew it was a scam. Unfortunately in those days no one seemed to work in Ebay customer service, so when I reported the buyer as fraudulent, what is supposed to happen is that the item goes back up for relisting foregoing any fees; however, Ebay continued to chase me for the fees and did not give me the option to relist and they ignored all my emails and ultimately scrubbed my account. Never used them since. Technically not a phishing email but definitely a scam one.

(Warren White M.S. Cybersecurity) #3

That Catfish show is funny and sad at the same time. You never know what is on the other side. I received one of those Ebay phishing emails too. It is good that you knew your settings, I almost fell for it too but I noticed how shoddy the crafting of the email was and I alerted Ebay. I know it is not the same experience you received but there are so many emails out there that are starting to look like real receipts. I recently received an Apple receipt phishing email that looked pretty real.

That is a horrible experience with Ebay, I am somewhat surprised that they did not help you at all with that issue. Thank the lord there is good customer support out there that is willing to help you out.


Strangely, my story is similar. However, the email I received was a phishing email. It was 2005 and I had been in IT 16 years at that time. We all knew about best practices during implementation, baseline configuration checklists for servers, workstations and mobile devices. We knew to lock down firewalls and create specific traffic rules. However, using email as a malicious tool and targeting users was new and phishing was just in its infancy. If I wasn’t so skeptical, I may have fallen for it even being in the field for that long.

I was buying and selling regularly on Ebay. That meant using Paypal. I received an email asking me to pay fees for an item I sold. The email looked 100% legitimate except for a few revealing factors. I was wary of clicking on the link but then it brought me to what I thought was Paypal and I began to enter my information. As I typed, I thought I should take another look at the email. The logo was a bit fuzzy and the link addresses didn’t match the site that was shown. The ‘Paypal’ site I was on was merely a clone of the Paypal site with a different URL. I realized this wasn’t right, stopped and contacted Paypal. They told me it was a ‘phishing’ email and gave me an email address to report it to. From then on, I began training users on how to spot dangerous or malicious email.

(Matt Parkes) #5

I don’t know what Ebay support is like these days, I am talking about years ago when Ebay first started. Like many companies it appeared that it preferred to offer customers the tools for self service of your account but when it came to the more tricky issues that couldn’t be solved through self help then there was no one at the end of an email address to help you and a telephone number was nonexistent at the time. Hopefully these days with the prevalence of wrongdoing within this type of environment Ebay and similar companies hopefully perform better these days.

Unfortunately since that experience I have never used them since and never intend to. Once bitten twice shy as they say.